Back

Black Basta Ransomware: What You Need to Know

Sept. 20, 2024, 11:41 a.m.

Tags

ransomware
black basta
2024-09-20

External References

https://blog.qualys.com/

https://otx.alienvault.com/

Description

Black Basta is a ransomware-as-a-service group that emerged in April 2022, known for double extortion tactics. They target organizations globally, particularly in North America, Europe, and Australia, affecting over 500 entities across various industries. Initial access is gained through phishing, Qakbot, Cobalt Strike, and vulnerability exploitation. The group uses tools like Mimikatz for credential theft and lateral movement. Their process involves data exfiltration using Rclone, followed by file encryption using the ChaCha20 algorithm. The ransomware disables system defenses, deletes shadow copies, and leaves a ransom note. Black Basta has been linked to the FIN7 threat actor due to similarities in EDR evasion techniques.

Date

Published Created Modified
Sept. 20, 2024, 11:21 a.m. Sept. 20, 2024, 11:21 a.m. Sept. 20, 2024, 11:41 a.m.

Indicators

f14c7eacdb39f1decdcf1e68f57c87340968fede1dc0391b2b082f58bd3a3f93

df9498892ae72f611128c9a8bc57b93964f34cc235f5aaf57fe10fb2b3c69aa3

dd32c037ed9b72acb6eda4f5193c7f1adc1e7e8d2aefcdd4b16de2f48420e1d3

dc56a30c0082145ad5639de443732e55dd895a5f0254644d1b1ec1b9457f04ff

d943a4aabd76582218fd1a9a0a77b2f6a6715b198f9994f0feae6f249b40fdf9

d8e9e06b7adea939bcc135876f4e8a1d3719120e8ad9d4d72812ffd1dbee62fc

d1949c75e7cb8e57f52e714728817ce323f6980c8c09e161c9e54a1e72777c13

cce74c82a718be7484abf7c51011793f2717cfb2068c92aa35416a93cbd13cfa

b18b40f513bae376905e259d325c12f9d700ee95f0d908a4d977a80c0420d52e

affcb453760dbc48b39f8d4defbcc4fc65d00df6fae395ee27f031c1833abada

ab913b3bb637447f33add3c7020d353389738e4d532b905caed04c7c7f399277

ab1a3f8a0510ffa3c043bc200fe357c9ce220ea916f50b8b5b454027ef935c54

a54fef5fe2af58f5bd75c3af44f1fba22b721f34406c5963b19c5376ab278cd1

a199c9d91a1e7c7051ec40f0a3a51143aa9f06af47a2a5f0e2dd235d7e1fe386

9f948af3a30f125dcd24d8a628b3a18c66b3d72baede8496ee735cbdfd9cf0c7

9f188b2f4aa6a5ff3a6fb9048a20c5566f25bd9fb313ed1ba1d332fadd82690f

7883f01096db9bcf090c2317749b6873036c27ba92451b212b8645770e1f0b8a

699aaea1598a034cde7ed88cd8a8a36fd59447e09bddef566357061774c48a76

5b6c3d277711d9f847be59b16fd08390fc07d3b27c7c6804e2170f456e9f1173

53a06b78d89fe3f981ff32cd7a66f31e099d4bbaac36d7c64ed08d615d314408

5211ad84270862e68026ce8e6c15c1f8499551e19d2967c349b46d3f8cfcdcaa

50f45122fdd5f8ca05668a385a734a278aa126ded185c3377f6af388c41788cb

4b83aaecddfcb8cf5caeff3cb30fee955ecfc3eea97d19dccf86f24c77c41fc4

48976d7bf38cca4e952507e9ab27e3874ca01092eed53d0fde89c5966e9533bb

46be54f719ee76af15099de6e337b05a0a442c813e815bbed92a71135cfd9ab2

449d87ca461823bb85c18102605e23997012b522c4272465092e923802a745e9

3eb22320da23748f76f2ce56f6f627e4255bc81d09ffb3a011ab067924d8013b

21033cd24a9d775d7daa7bbc5c5b007553f205ac0febb6bae3fa35c700676bda

203d2807df6ef531efbec7bfd109986de3e23df64c01ea4e337cbe5ba675248b

1ed076158c8f50354c4dba63648e66c013c2d3673d76ac56582204686aae6087

1d040540c3c2ed8f73e04c578e7fb96d0b47d858bbb67e9b39ec2f4674b04250

15abbff9fbce7f5782c1654775938dcd2ce0a8ebd683a008547f8a4e421888c4

1391c20a26f248f7c602f20096bf1886cfe7e4d151602a1258a9bbe7c02c1c80

0db7a0327192710c403e021cbfc3902d75c729b3ba59d87159bf8f59a151a481

0da309cc4f0d21c76c26d7b4f1c65bb1659908f191edb01d76ff22c8dabef0b1

0c964ac2f65f270eb19982b04ae346e72976bdf19b88ffd2308700dcce2b5ec0

0bce6dc27d2cbdc231b563427c3489ddc69a0a88012abccd49b32c931dd93a81

09bc7247b50a166996b667b9a6e696cfbafa203ffcbec46ad0cca27deacd5c25

fff35c2da67eef6f1a10c585b427ac32e7f06f4e4460542207abcd62264e435f

fafaff3d665b26b5c057e64b4238980589deb0dff0501497ac50be1bc91b3e08

f039eaaced72618eaba699d2985f9e10d252ac5fe85d609c217b45bc8c3614f4

e28188e516db1bda9015c30de59a2e91996b67c2e2b44989a6b0f562577fd757

df5b004be71717362e6b1ad22072f9ee4113b95b5d78c496a90857977a9fb415

d73f6e240766ddd6c3c16eff8db50794ab8ab95c6a616d4ab2bc96780f13464d

d15bfbc181aac8ce9faa05c2063ef4695c09b718596f43edc81ca02ef03110d1

b32daf27aa392d26bdf5faafbaae6b21cd6c918d461ff59f548a73d447a96dd9

ae7c868713e1d02b4db60128c651eb1e3f6a33c02544cc4cb57c3aa6c6581b6e

acb60f0dd19a9a26aaaefd3326db8c28f546b6b0182ed2dcc23170bcb0af6d8f

a7b36482ba5bca7a143a795074c432ed627d6afa5bc64de97fa660faa852f1a6

9a55f55886285eef7ffabdd55c0232d1458175b1d868c03d3e304ce7d98980bc

96339a7e87ffce6ced247feb9b4cb7c05b83ca315976a9522155bad726b8e5be

90ba27750a04d1308115fa6a90f36503398a8f528c974c5adc07ae8a6cd630e7

88c8b472108e0d79d16a1634499c1b45048a10a38ee799054414613cc9dccccc

882019d1024778e13841db975d5e60aaae1482fcf86ba669e819a68ce980d7d3

86a4dd6be867846b251460d2a0874e6413589878d27f2c4482b54cec134cc737

723d1cf3d74fb3ce95a77ed9dff257a78c8af8e67a82963230dd073781074224

7ad4324ea241782ea859af12094f89f9a182236542627e95b6416c8fb9757c59

69192821f8ce4561cf9c9cb494a133584179116cb2e7409bea3e18901a1ca944

5d2204f3a20e163120f52a2e3595db19890050b2faa96c6cba6b094b0a52b0aa

62e63388953bb30669b403867a3ac2c8130332cf78133f7fd4a7f23cdc939087

5b2178c7a0fd69ab00cef041f446e04098bbb397946eda3f6755f9d94d53c221

5942143614d8ed34567ea472c2b819777edd25c00b3e1b13b1ae98d7f9e28d43

58ddbea084ce18cfb3439219ebcf2fc5c1605d2f6271610b1c7af77b8d0484bd

51eb749d6cbd08baf9d43c2f83abd9d4d86eb5206f62ba43b768251a98ce9d3e

462bbb8fd7be98129aa73efa91e2d88fa9cafc7b47431b8227d1957f5d0c8ba7

42f05f5d4a2617b7ae0bc601dd6c053bf974f9a337a8fcc51f9338b108811b78

3c50f6369f0938f42d47db29a1f398e754acb2a8d96fd4b366246ac2ccbe250a

39939eacfbc20a2607064994497e3e886c90cd97b25926478434f46c95bd8ead

37a5cd265f7f555f2fe320a68d70553b7aa9601981212921d1ac2c114e662004

360c9c8f0a62010d455f35588ef27817ad35c715a5f291e43449ce6cb1986b98

350ba7fca67721c74385faff083914ecdd66ef107a765dfb7ac08b38d5c9c0bd

3337a7a9ccdd06acdd6e3cf4af40d871172d0a0e96fc48787b574ac93689622a

3090a37e591554d7406107df87b3dc21bda059df0bc66244e8abef6a5678af35

1c1b2d7f790750d60a14bd661dae5c5565f00c6ca7d03d062adcecda807e1779

17879ed48c2a2e324d4f5175112f51b75f4a8ab100b8833c82e6ddb7cd817f20

17205c43189c22dfcb278f5cc45c2562f622b0b6280dcd43cc1d3c274095eb90

0a8297b274aeab986d6336b395b39b3af1bb00464cf5735d1ecdb506fef9098e

07117c02a09410f47a326b52c7f17407e63ba5e6ff97277446efc75b862d2799

05ebae760340fe44362ab7c8f70b2d89d6c9ba9b9ee8a9f747b2f19d326c3431

0554eb2ffa3582b000d558b6950ec60e876f1259c41acff2eac47ab78a53e94a

1fd42d07b4be99e0e503c0ed5af2274312be1b03e01b54a6d89c0eef04257d6e

Attack Patterns

Black Basta - S1070

QuackBot

Pinkslipbot

QakBot - S0650

SystemBC

QBot

Cobalt Strike - S0154

Black Basta

T1543.003

T1490

T1059.003

T1059.001

T1497

T1562.001

T1204.002

T1486

T1083

T1047

T1036

T1112

T1566

T1190

T1068

CVE-2021-42287

CVE-2021-42278

CVE-2024-26169

CVE-2024-1709

CVE-2021-34527

CVE-2020-1472

Additional Informations

Critical Infrastructure

Australia

United States of America